Masquerade's hook_init has an incompatibility with Pressflow in that it initializes a $_SESSION for every pageload whether this is necessary or not:
```php
/**
 * Implementation of hook_init().
 */
function masquerade_init() {
  global $user;
  // load from table uid + session id
  $uid = db_result(db_query("SELECT uid_from FROM {masquerade} WHERE sid = '%s' AND uid_as = %d", session_id(), $user->uid));
  // using if so that we get unset rather than false if not masqing
  if ($uid) {
    $_SESSION['masquerading'] = $uid;
  }
  else {
    $_SESSION['masquerading'] = null;
  }
}
```
I believe the fix is as simple as changing the else statement to be like:

```php
  elseif (isset($_SESSION['masquerading'])) {
    $_SESSION['masquerading'] = NULL;
  }
```
Patch is attached.
| Comment | File | Size | Author |
|---|---|---|---|
| #5 | masquerade-no-sess-for-anon.patch | 5.25 KB | claudiu.cristea |
| | masquerade_pressflow_compatibility.patch | 573 bytes | joshk |
Comments
Comment #1
mrfelton commented: Let's get this committed!
Comment #2
deekayen commented: Committed to DRUPAL-6--1. HEAD and DRUPAL-5 do this process differently, so I didn't apply it there.
Comment #3
deviantintegral commented: Just to confirm, this is a duplicate of #705858: Don't create session var when not masqerading?
Marking as to be ported to remind myself to double check this against HEAD.
Comment #4
claudiu.cristea commented: Right now, with the code from DRUPAL-6--1, when we masquerade as Anonymous (UID = 0) we are losing the source user in `$_SESSION['masquerade']` because the code from hook_init() triggers only when user_is_logged_in().
Comment #5
claudiu.cristea commented: Here's a patch that strips out session variable `$_SESSION['masquerading']` when the current user is not masque (not set through Masquerade). The result is that when not masquerading there will be no `$_SESSION['masquerading']` variable.

When masquerading there will be a `$_SESSION['masquerading']` variable even if masquerading as Anonymous. And this is the right behavior even on Pressflow.

Modified also all occurrences of `$_SESSION['masquerading']` to make the code PHP 5.3 safe.
Comment #6
deekayen commented: Isn't it safe to unset something that's not set? Can `if (isset($_SESSION['masquerading'])) {` be removed in the init()?
Comment #7
deekayen commented: There are more subscribers on the older issue: #705858: Don't create session var when not masqerading
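
An added example, not part of the issue thread or the module's code: a simplified model of the three approaches discussed above, showing which ones leave a non-empty session behind for a visitor who is not masquerading. The `session_would_be_saved()` check, the helper function names and the sample UID 7 are assumptions standing in for a lazy-session layer such as Pressflow's; the code targets PHP 7.1 or later and does not reproduce the attached patches, which are not shown on the page.

```php
<?php
// Assumption: models a lazy-session layer that stores a session (and sends a
// cookie) only when the session array is non-empty at the end of the request.
function session_would_be_saved(array $session): bool {
    return !empty($session);
}

// Original hook_init() logic from the issue: always writes the key.
function init_original(array $session, int $uid_from): array {
    $session['masquerading'] = $uid_from ? $uid_from : null;
    return $session;
}

// Fix proposed in the issue: reset the key only if it already holds a value.
function init_elseif_isset(array $session, int $uid_from): array {
    if ($uid_from) {
        $session['masquerading'] = $uid_from;
    }
    elseif (isset($session['masquerading'])) {
        $session['masquerading'] = null;
    }
    return $session;
}

// Variant in the spirit of comments #5 and #6: remove the key outright.
// unset() on a missing key raises no notice and does not create the entry.
function init_unset(array $session, int $uid_from): array {
    if ($uid_from) {
        $session['masquerading'] = $uid_from;
    }
    else {
        unset($session['masquerading']);
    }
    return $session;
}

// Constructed scenarios: [session at request start, uid_from found in {masquerade}].
$scenarios = [
    'anonymous visitor, no session' => [[], 0],
    'currently masquerading'        => [['masquerading' => 7], 7],
    'just stopped masquerading'     => [['masquerading' => 7], 0],
];

foreach ($scenarios as $label => [$session, $uid_from]) {
    foreach (['init_original', 'init_elseif_isset', 'init_unset'] as $fn) {
        $after = $fn($session, $uid_from);
        printf("%-30s %-18s saved=%s key_present=%s\n", $label, $fn,
            session_would_be_saved($after) ? 'yes' : 'no',
            array_key_exists('masquerading', $after) ? 'yes' : 'no');
    }
}
```

Because `isset()` is false for a key holding `null`, the `elseif` variant leaves a `null` entry in place after masquerading ends, while the `unset()` variant removes it and needs no guard.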